Transmission networks using the RSA public-key algorithm (for example as disclosed in U.S. Pat. No. 4,405,829) have been in use throughout the world for more than 10 years. RSA is the first algorithm known to be suitable for signing as well as encryption, and was one of the first great advances in public key cryptography. In particular, the RSA algorithm is one of the building blocks of the Transport Layer Security (TLS) protocol that provides security for communication systems (such as media players, laptop computers, smartphones and servers) over networks like the Internet. More precisely, the RSA algorithm provides the security necessary to exchange a secret key between separated parties. This exchanged key can ultimately be used in a symmetric cipher (e.g. AES, 3DES, etc.) for encrypted communication.
The RSA algorithm is based on the assumption that factoring large numbers is difficult and is believed to be secure given sufficiently long private/public key pairs and the use of up-to-date implementations. Similar public key algorithms are based on other difficulties such as the discrete log problem, e.g. DSA (U.S. Pat. No. 5,231,668) and Diffie-Hellman (U.S. Pat. No. 4,200,770), while others, e.g. Elliptic Curve Cryptography (e.g. U.S. Pat. No. 6,563,928), are based on the intractability of finding the discrete logarithm of an elliptic curve element. However, it is possible that algorithms faster than those currently available for factoring large numbers (or finding discrete logarithms) will be discovered. Other methods to break certain implementations of public key algorithms have also been discovered. For example, recent experiments (Pellegrini A. et al., “Fault-based attack of RSA authentication”, 2010 Proceedings of the Conference on Design, Automation and Test in Europe) have demonstrated the ability to crack RSA's 1024-bit private key, using a hardware attack, in less than 100 hours and without leaving a single trace.
Quantum key distribution (QKD) is an alternative to public key distribution to exchange secret keys between authorized parties. QKD is based on the idea that key bits are encoded in quantum systems (e.g. single photons) and exchanged between the parties. An important and unique property of QKD is the ability of the two communicating users to detect the presence of any third party trying to gain knowledge of the key. This results from a fundamental aspect of quantum mechanics: the process of measuring a quantum system in general disturbs the system. A third party trying to eavesdrop on the key must in some way measure it, thus introducing detectable anomalies. In contrast to traditional public key distribution protocols that rely on mathematical hypotheses, QKD elegantly relies on the laws of nature being correct. The most practical implementation of QKD today involves sending weak photon pulses in optical fibres (see e.g., U.S. Pat. No. 6,438,234 and U.S. Pat. No. 7,403,623). However, since it requires information to travel on passive optical channels, its implementation on regenerative and mixed opto-electronic transmission networks such as the Internet is impossible. Furthermore, the private-key generation rate is limited by optical attenuation on optical fibres, for which no practical solution is currently available. Also, serious flaws of commercial QKD implementations have been demonstrated, rendering the systems completely vulnerable to eavesdropping (Lydersen L. et al., “Hacking commercial quantum cryptography systems by tailored bright illumination”, Nature Photonics, Vol. 4, pp. 686-689 (2010)).
New trends in network data processing, especially cloud computing, video delivery, and multi-party communications, impose new constraints in terms of the computational resources required to achieve the security levels which are deemed acceptable to prevent unlawful breaches. These new trends will require high-rate key-distribution methods that are not only secure but also scalable.
Since none of the previous protocols enable high-rate secret-key distribution, modern cryptography relies on symmetric cipher algorithms (such as AES, 3DES, etc.) that use keys which are much shorter than the plain-text message. They are not information-theoretically secure.